Apache Pre VirtualHost Include and SSL Cipher Suite cPanel Config

Discussion in 'Security' started by vlee, Jun 8, 2017.

  1. vlee

    Just being nice today...

    I found the following configuration very helpful in providing solid security on cPanel servers.

    Scored an A+ on the SSL Server Test (Powered by Qualys SSL Labs).

    No weak Cipher Suites at all.

    Everyone is welcome to use what I have and even improve it. Please post your improvements in this thread. Thank you.

    SSL Cipher Suite
    Code:
    ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256
    Apache Pre VirtualHost Include
    Code:
    # Enable SSLUseStapling
    SSLUseStapling on
    SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
    SSLHonorCipherOrder On
    SSLCompression off
    
    # Enable HTTP Strict Transport Security
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    
    # Enable HTTP Secure Cookie
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
    
    # DISABLE CACHING
    <IfModule mod_headers.c>
        Header set Cache-Control "max-age=0, private, no-cache, no-store, must-revalidate"
        Header set Pragma "no-cache"
        Header set Expires 0
    </IfModule>
    
    # Enable GZIP Compression.
    <IfModule mod_deflate.c>
        SetOutputFilter DEFLATE
        <IfModule mod_setenvif.c>
            # Netscape 4.x has some problems...
            BrowserMatch ^Mozilla/4 gzip-only-text/html
          
            # Netscape 4.06-4.08 have some more problems
            BrowserMatch ^Mozilla/4\.0[678] no-gzip
          
            # MSIE masquerades as Netscape, but it is fine
            # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
          
            # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
            # the above regex won't work. You can use the following
            # workaround to get the desired effect:
            BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
          
            # Don't compress images
            SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
        </IfModule>
     
        <IfModule mod_headers.c>
            # Make sure proxies don't deliver the wrong content
            Header append Vary User-Agent env=!dont-vary
        </IfModule>
    </IfModule>
    I hope this helps you all out.
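
Added example (not part of the original post): a small Python classifier that breaks the posted cipher list down by key exchange, certificate type, cipher mode and MAC, so an admin can see which suites are AEAD (GCM), which are CBC with HMAC-SHA1 kept for pre-TLS 1.2 clients, and which are only negotiated with an ECDSA certificate. The function names are hypothetical, and the parser only understands OpenSSL-style ECDHE/DHE/static-RSA AES names; anything else is returned as unparsed.

```python
from collections import Counter

# Cipher list copied from the post's "SSL Cipher Suite" value.
POSTED = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:"
    "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256"
)

def classify(name):
    """Describe one OpenSSL AES suite name; None for tokens not understood."""
    parts = name.split("-")
    fs = parts[0] in ("ECDHE", "DHE") and len(parts) > 3
    # Without an (EC)DHE prefix, OpenSSL AES names mean static RSA key exchange.
    kx, auth, rest = (parts[0], parts[1], parts[2:]) if fs else ("RSA", "RSA", parts)
    if (auth not in ("RSA", "ECDSA") or not rest[0].startswith("AES")
            or rest[-1] not in ("SHA", "SHA256", "SHA384")):
        return None  # keywords (HIGH), exclusions (!aNULL), non-AES suites
    aead = "GCM" in rest
    # In GCM suites the trailing hash is the PRF; in CBC suites it is the HMAC.
    mac = "AEAD" if aead else ("SHA1" if rest[-1] == "SHA" else rest[-1])
    return {"name": name, "kx": kx, "auth": auth, "cipher": rest[0],
            "mode": "GCM" if aead else "CBC", "mac": mac,
            "forward_secrecy": fs,
            "tls12_only": aead or mac in ("SHA256", "SHA384")}

def audit(cipher_string):
    """Return (parsed suites, unparsed tokens) for a colon-separated list."""
    parsed, unknown = [], []
    for token in filter(None, (t.strip() for t in cipher_string.split(":"))):
        info = classify(token)
        (parsed if info else unknown).append(info or token)
    return parsed, unknown

def summarize(parsed):
    """Count suites by mode, certificate type, and protocol/MAC properties."""
    c = Counter()
    for s in parsed:
        c.update([s["mode"], "auth_" + s["auth"]])
        c["forward_secrecy"] += s["forward_secrecy"]
        c["tls12_only"] += s["tls12_only"]
        c["hmac_sha1"] += s["mac"] == "SHA1"
    return dict(c)

if __name__ == "__main__":
    print(summarize(audit(POSTED)[0]))
```

Run against a list edited from the post, the same summary shows at a glance whether any non-forward-secret or unparsed entries have crept in.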
     